CN112217685A - Tunnel detection method, terminal device, system, computer device and storage medium - Google Patents

Tunnel detection method, terminal device, system, computer device and storage medium Download PDF

Info

Publication number
CN112217685A
CN112217685A CN201910625860.7A CN201910625860A CN112217685A CN 112217685 A CN112217685 A CN 112217685A CN 201910625860 A CN201910625860 A CN 201910625860A CN 112217685 A CN112217685 A CN 112217685A
Authority
CN
China
Prior art keywords
tunnel
detection
message
mark
terminal device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910625860.7A
Other languages
Chinese (zh)
Other versions
CN112217685B (en
Inventor
费恩达
沈唤勇
樊俊诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qianxin Technology Group Co Ltd
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxin Technology Group Co Ltd, Secworld Information Technology Beijing Co Ltd filed Critical Qianxin Technology Group Co Ltd
Priority to CN201910625860.7A priority Critical patent/CN112217685B/en
Publication of CN112217685A publication Critical patent/CN112217685A/en
Application granted granted Critical
Publication of CN112217685B publication Critical patent/CN112217685B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity

Abstract

The invention discloses a tunnel detection method, which can detect a tunnel according to a constructed tunnel detection message, and comprises the following steps: generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, and the detection mark represents the tunnel detection message and is used for tunnel detection; determining a tunnel corresponding to the tunnel mark; encapsulating the tunnel detection message into the tunnel and sending the tunnel detection message to opposite-end equipment; and determining a detection result of the tunnel according to the response condition of the opposite terminal equipment. The present disclosure also provides another tunnel detection method, two terminal devices, a tunnel detection system, a computer device, and a computer-readable storage medium.

Description

Tunnel detection method, terminal device, system, computer device and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to two tunnel detection methods, two terminal devices, a tunnel detection system, a computer device, and a computer-readable storage medium.
Background
A Virtual Private Network (VPN) is a Private Network established on a public Network by a tunneling technique, so that each branch office and a remote office user of an enterprise can access an internal Network of the enterprise through the VPN and provide security of communication. Internet Protocol Security (IPSec) is a tunnel encryption Protocol, is the most commonly used Protocol for implementing VPN function, and can provide transparent Security service for ip (Internet Protocol) network communication, thereby ensuring that communication traffic is not intercepted and tampered.
The IPSec protocol is not a single protocol and it presents a complete set of architectures for network data security applied on the IP layer, including: internet Key Exchange protocol (IKE) for IPSec tunnel negotiation, Authentication Header (AH) and Encapsulating Security Payload (ESP) for encapsulation of packets in IPSec tunnels.
The IPSec tunnel is used for protecting the flow and is divided into two stages, namely a tunnel negotiation stage and a data transmission stage. The tunnel negotiation stage uses IKE protocol to negotiate the tunnel, which is used to establish Security Association (SA) between two IPSec peers (IPsec protocol can provide Security communication between two endpoints, which are called IPsec peers), the negotiation process is divided into two stages, the first stage negotiation creates an IKE SA, mainly establishes an SA for protecting subsequent negotiation message interaction for both communication parties, provides authenticated Security communication channel for further two-stage negotiation of both parties, the second stage negotiation is performed under the protection of the established IKE SA, establishes an IPSec SA for negotiation, which is the Security Association finally established for data transmission. After the tunnel negotiation is completed, the IPSec SA negotiated in the two stages can be used for encapsulating the data traffic entering the tunnel according to the negotiated encapsulating protocol ESP or AH, the encryption algorithm, the authentication algorithm and the secret key, and then transmitting the encapsulated data traffic to the opposite terminal on the tunnel. That is, the data in the tunneling negotiation stage is not tunneled, and only the data in the data transmission stage is tunneled.
When IPsec peers communicate by using IPsec tunnels, tunnel communication between IPsec peers may be interrupted due to routing problems, restarting of peer devices, or other reasons, which requires a detection mechanism of an IKE peer, and when it is detected that an opposite end does not exist, a new negotiation may be initiated again to recover IPsec communication as soon as possible.
In the conventional technology, detecting the failure of the IPSec Peer mainly depends on a DPD (dead Peer detection) mechanism provided by the IPSec protocol itself, wherein one IPSec Peer detects whether another IPSec Peer is alive by sending a DPD probe packet.
However, the inventors found in the course of studying the present invention that: because the DPD detection packet is in a format of a negotiation packet based on an IPSec protocol, and the IPSec data packet is in an ESP and AH encapsulation format, the DPD detection packet is not transmitted in a tunnel, and the IPSec data packet is transmitted in the tunnel, so that actually the DPD detection packet does not necessarily indicate that IPSec data traffic can be passed through, for example, an operator in the middle of the tunnel shields that the DPD detection packet can be passed through but the data traffic in the tunnel is not passed through, and the tunnel is not actually usable. That is, in the prior art, the on/off of the tunnel cannot be detected when the DPD detection packet is used for detection.
Disclosure of Invention
The invention aims to provide two tunnel detection methods, two terminal devices, a tunnel detection system, a computer device and a computer readable storage medium, which can detect a tunnel according to a constructed tunnel detection message.
One aspect of the present invention provides a tunnel detection method, including: generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, and the detection mark represents the tunnel detection message and is used for performing tunnel detection; determining a tunnel corresponding to the tunnel mark; encapsulating the tunnel detection message into the tunnel and sending the tunnel detection message to opposite-end equipment; and determining a detection result of the tunnel according to the response condition of the opposite terminal equipment.
Optionally, determining a tunnel corresponding to the tunnel flag includes: detecting whether the tunnel detection message carries the detection mark or not; when detecting that the tunnel detection message carries the detection mark, identifying the tunnel detection message as a message for tunnel detection; and identifying the tunnel mark carried by the tunnel detection message, and determining the tunnel corresponding to the tunnel mark.
Optionally, determining a detection result for the tunnel according to the response condition of the peer device includes: judging whether a detection response message returned by the opposite terminal equipment is received within a preset overtime time; determining that the tunnel is in a disconnected state when the detection response message is not received within the preset timeout period; and when the detection response message is received within the preset overtime, determining that the tunnel is in a connected state.
Optionally, the tunnel detection method further includes: after the tunnel is determined to be in the communication state, determining the packet loss number of single detection, the time delay of single detection and/or the hop count of single detection; and counting the packet loss rate of the tunnel, the average time delay of the tunnel, the jitter of the tunnel and/or the average hop count of the tunnel in a preset period.
Another aspect of the present invention provides another tunnel detection method, including: analyzing a message sent by an opposite terminal device through a tunnel to obtain a tunnel detection message, wherein the tunnel detection message is packaged into the tunnel and then sent by the opposite terminal device, the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents the tunnel detection message and is used for performing tunnel detection, and the tunnel corresponds to the tunnel mark; generating a detection response message corresponding to the tunnel detection message; and encapsulating the detection response message into the tunnel and returning the detection response message to the opposite terminal equipment.
Optionally, analyzing a message sent by the peer device through the tunnel to obtain a tunnel detection message, including: analyzing the message sent by the opposite terminal equipment through the tunnel to obtain an analyzed message; detecting whether the analysis message carries the detection mark; and when detecting that the analysis message carries the detection mark, taking the analysis message as the tunnel detection message.
Still another aspect of the present invention provides a terminal device, including: a first generation module, configured to generate a tunnel detection packet, where the tunnel detection packet carries a detection flag and a tunnel flag, and the detection flag represents the tunnel detection packet and is used for performing tunnel detection; a first determining module, configured to determine a tunnel corresponding to the tunnel identifier; a sending module, configured to encapsulate the tunnel detection packet into the tunnel and send the tunnel detection packet to an opposite-end device; and a second determining module, configured to determine a detection result for the tunnel according to a response condition of the peer device.
Yet another aspect of the present invention provides another terminal device, including: the system comprises an analysis module, a tunnel detection module and a sending module, wherein the analysis module is used for analyzing a message sent by an opposite terminal device through a tunnel to obtain a tunnel detection message, the opposite terminal device encapsulates the tunnel detection message into the tunnel and then sends the tunnel detection message, the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents the tunnel detection message and is used for performing tunnel detection, and the tunnel corresponds to the tunnel mark; a generating module, configured to generate a detection response message corresponding to the tunnel detection message; and the return module is used for encapsulating the detection response message into the tunnel and returning the detection response message to the first terminal equipment.
Yet another aspect of the present invention provides a tunnel detection system, including a first terminal device and a second terminal device, wherein: the first terminal device is configured to: generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents that the tunnel detection message is used for tunnel detection, determining a tunnel corresponding to the tunnel mark, encapsulating the tunnel detection message into the tunnel and sending the tunnel detection message to a second terminal device, and determining a detection result of the tunnel according to a response condition of the second terminal device; the second terminal device is configured to: and analyzing the message sent by the first terminal device through the tunnel to obtain the tunnel detection message, generating a detection response message corresponding to the tunnel detection message, packaging the detection response message into the tunnel, and returning the detection response message to the first terminal device.
Yet another aspect of the present invention provides a computer apparatus, comprising: the tunnel detection method according to any one of the embodiments is implemented by a memory, a processor, and a computer program stored in the memory and executable on the processor.
Yet another aspect of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the tunnel probing method according to any of the embodiments described above.
The invention provides a tunnel detection method, which is applied to a terminal device of a tunnel detection initiator, wherein the terminal device interacts with an opposite terminal device belonging to a tunnel detection responder through a tunnel, and in order to detect the tunnel, the terminal device can construct a tunnel detection message carrying a detection mark and the tunnel mark, and encapsulate the tunnel detection message into the tunnel corresponding to the tunnel mark and transmit the tunnel detection message to the opposite terminal device, so that the detection result of the tunnel can be determined according to the response condition of the opposite terminal device. And under the condition that the tunnels are in a connected state, the detection data can be continuously collected in the detection process to calculate the tunnel quality, and the main tunnel and the standby tunnel are selected according to the tunnel quality.
The invention also provides another tunnel detection method, which is applied to the terminal equipment of the tunnel detection responder, the terminal device interacts with a peer device belonging to a tunnel probe originator via the tunnel, and in response to a probe initiated by the peer device for the tunnel, the terminal equipment receives and analyzes a tunnel detection message for tunnel detection, which is obtained by the message forwarded by the opposite terminal equipment through the tunnel, then directly generating a corresponding detection response message, packaging the message into a tunnel, returning the message to the opposite terminal equipment, further realizing the detection of the tunnel through the cooperation with the opposite terminal equipment, the opposite terminal equipment determines the detection result of the tunnel according to the response condition of the terminal equipment, if the opposite terminal equipment receives the tunnel response message within the preset overtime, the tunnel is determined to be in a connected state, furthermore, the other tunnel detection method provided by the invention can realize the detection of the tunnel by responding to the tunnel detection message for detecting the tunnel.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 schematically shows a flow chart of a tunnel probing method according to an embodiment of the invention;
FIG. 2 schematically illustrates a flow diagram of a tunnel probing method according to another embodiment of the invention;
FIG. 3 schematically shows scene diagrams of two tunnel detection methods according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating a forwarding flow of a tunnel probe packet according to an embodiment of the present invention;
fig. 5 schematically shows a block diagram of a first terminal device according to an embodiment of the invention;
fig. 6 schematically shows a block diagram of a second terminal device according to an embodiment of the invention;
FIG. 7 schematically illustrates a block diagram of a tunnel detection system according to an embodiment of the invention;
fig. 8 schematically shows a block diagram of a computer device suitable for implementing the tunnel probing method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The invention provides a tunnel detection method, which can be applied to the following service scenes, specifically: the tunnel detection method can be applied to terminal equipment of a tunnel detection initiator, the terminal equipment interacts with opposite terminal equipment belonging to a tunnel detection responder through a tunnel, in order to detect the tunnel, the terminal equipment can construct a tunnel detection message carrying a detection mark and the tunnel mark, when the tunnel detection message is determined to be used for tunnel detection, the tunnel detection message is encapsulated into the tunnel corresponding to the tunnel mark, and an encapsulation result is sent to the opposite terminal equipment through the tunnel, so that the detection result of the tunnel is determined according to the response condition of the opposite terminal equipment. That is, the tunnel detection method provided by the present invention constructs the tunnel detection message specially used for tunnel detection, so that the tunnel detection message can be transmitted in the tunnel, and further the tunnel detection can be realized. In particular, fig. 1 schematically shows a flow chart of a tunnel detection method according to an embodiment of the present invention. As shown in fig. 1, the tunnel detection method may include steps S101 to S104, where:
step S101, generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, and the detection mark represents the tunnel detection message and is used for tunnel detection.
In this embodiment, the terminal device may be a gateway device, such as a router, a firewall, and the like, and the terminal device may include: a build process belonging to the control plane, a kernel and a forward process belonging to the data plane. Step S101 may be implemented in a control plane of the terminal device, and may specifically be implemented by a configuration process, and step S102 to step S104 may be implemented in a data plane of the terminal device, and may specifically be implemented by a forwarding process.
After the tunnel detection packet is generated by the construction process, the tunnel detection packet may be forwarded to the data plane through the kernel, and specifically may be forwarded to a forwarding process of the data plane.
For example, in this embodiment, an icmp ping request is used to construct a tunnel probe packet, and a construction process may allocate a packet ID and a sequence number (seq for short) to the icmp ping request, where the packet ID is used to uniquely identify the packet, and the sequence number is used to characterize the sequence of reading the data packet, and then the construction process may construct the icmp ping request, the packet ID, the seq, a probe flag, and a tunnel flag into the tunnel probe packet, and send the constructed tunnel probe packet to a forwarding process on a data plane through a kernel.
Step S102, determining the tunnel corresponding to the tunnel mark.
In this embodiment, the tunnel mark is a mark of a tunnel to be detected this time, and after receiving the tunnel detection message, the forwarding process can identify the tunnel mark carried by the tunnel detection message from the tunnel detection message, and then determine the tunnel to be detected this time according to the tunnel mark.
Alternatively, step S102 may include steps S1021 to S1023, in which:
step S1021, detecting whether the tunnel detection message carries a detection mark;
step S1022, when detecting that the tunnel detection packet carries the detection flag, identifying the tunnel detection packet as a packet for performing tunnel detection;
and S1023, identifying the tunnel mark carried by the tunnel detection message, and determining the tunnel corresponding to the tunnel mark.
In this embodiment, after receiving the tunnel detection packet forwarded by the construction process through the kernel, the forwarding process needs to detect whether the packet carries a tunnel detection flag, and if so, the forwarding process recognizes the tunnel detection packet as a packet for performing tunnel detection, and then knows that the tunnel detection packet for performing tunnel detection inevitably carries the tunnel flag, and the forwarding process can determine the tunnel to be detected by recognizing the tunnel flag.
Step S103, the tunnel detection message is packaged into a tunnel and sent to the opposite terminal equipment.
In this embodiment, the forwarding process may encapsulate the tunnel detection packet into a tunnel, and send the encapsulation result to the peer device, where the peer device may be a device that interacts with the terminal device through the tunnel, such as a device of a tunnel detection responder, and the peer device may also be a gateway device, such as a router and a firewall.
It should be noted that, the tunnel detection packet may be encapsulated into the tunnel through an existing technical means, which is not described herein again in this embodiment.
And step S104, determining a detection result of the tunnel according to the response condition of the opposite terminal equipment.
In this embodiment, the response condition may include: the peer device does not return the detection response message within the predetermined timeout period and the peer device returns the detection response message within the predetermined timeout period, where the detection response message is a response result generated by the peer device based on the tunnel detection message, and the detection result may include: the tunnel is in a disconnected state and the tunnel is in a connected state. For example, step S104 may include steps S1041 to S1043, where:
step S1041, judging whether a detection response message returned by the opposite terminal equipment is received within a preset overtime;
step S1042, when the detection response message is not received within the preset overtime, the tunnel is determined to be in a disconnected state;
step S1043, determining that the tunnel is in a connected state when the detection response packet is received within a predetermined timeout period.
It should be noted that, in this embodiment, the forwarding process may send a tunnel detection message once within a predetermined time, if the forwarding process does not receive a detection response message corresponding to the tunnel detection message within a predetermined timeout time, the tunnel is considered to be in a disconnected state, and if the forwarding process receives the detection response message corresponding to the tunnel detection message within the predetermined timeout time, the tunnel is considered to be in a connected state. Or, the forwarding process continuously sends a plurality of tunnel detection messages to the opposite terminal device within the preset time, if the forwarding process does not receive a detection response message corresponding to any tunnel detection message returned by the opposite terminal device within the preset timeout time, the tunnel is considered to be in a disconnected state, and if the forwarding process receives a detection response message corresponding to any tunnel detection message returned by the opposite terminal device within the preset timeout time, the tunnel is considered to be in a connected state.
Further, the quality of a tunnel cannot be detected in the prior art, and when a plurality of tunnel backups usually exist in a communication dual-end device at present, it is expected that a message can be transferred to a tunnel with better quality for transmission in order to improve reliability and service quality, which requires that the detection of the tunnel not only can detect the connection and disconnection of the tunnel but also can calculate the quality of the tunnel according to the detection result, so as to provide a basis for selecting a route for the tunnel.
Optionally, in this embodiment, besides detecting the on-off state of the tunnel, the quality of the tunnel may also be detected, that is, the detection result may also include the quality of the tunnel. For example, the tunnel detection method may further include: after the tunnel is determined to be in a connected state, determining the packet loss number of single detection, the time delay of the single detection and/or the hop count of the single detection; and counting the packet loss rate of the tunnel, the average time delay of the tunnel, the jitter of the tunnel and/or the average hop count of the tunnel in a preset period.
In this embodiment, when the tunnel is in a connected state, the tunnel may be detected many times in a predetermined period, and for each detection, the packet loss number of a single detection, the time delay of a single detection, and/or the hop count of a single detection are recorded, where the hop count refers to the number of routers where this detection passes through this time under the condition that the router information corresponding to the peer device cannot be known. Optionally, the tunnel detection result in the predetermined period, such as the packet loss rate of the tunnel, the average time delay of the tunnel, and/or the average hop count of the tunnel, may also be obtained according to the result of each detection.
Furthermore, when a plurality of tunnels exist between the terminal equipment and the opposite terminal equipment, the tunnels with better quality can be selected for double-end interaction through detection of the tunnels. If the time delay is used as a main reference, the tunnel with the lowest time delay can be selected as the interactive tunnel of the dual-end device.
The present invention also provides another tunnel detection method, which can be applied to the following service scenarios, specifically: the tunnel detection method can be applied to a terminal device of a tunnel detection responder, which interacts with a peer device belonging to a tunnel detection initiator through a tunnel, and in order to respond to the detection of the tunnel initiation by the peer device, the terminal equipment receives and analyzes a tunnel detection message for tunnel detection, which is obtained by the message forwarded by the opposite terminal equipment through the tunnel, then directly generating a corresponding detection response message, packaging the message into a tunnel, returning the message to the opposite terminal equipment, further realizing the detection of the tunnel through the cooperation with the opposite terminal equipment, the opposite terminal equipment determines the detection result of the tunnel according to the response condition of the terminal equipment, if the opposite terminal equipment receives the tunnel response message within the preset overtime, the tunnel is determined to be in a connected state, furthermore, the other tunnel detection method provided by the invention can realize the detection of the tunnel by responding to the tunnel detection message for detecting the tunnel. In particular, fig. 2 schematically shows a flow chart of a tunnel probing method according to another embodiment of the present invention. As shown in fig. 2, the tunnel detection method may include steps S201 to S203, where:
step S201, analyzing a message sent by the peer device through the tunnel to obtain a tunnel detection message, where the peer device packages the tunnel detection message into the tunnel and sends the tunnel detection message, the tunnel detection message carries a detection flag and a tunnel flag, the detection flag represents the tunnel detection message for performing tunnel detection, and the tunnel corresponds to the tunnel flag.
The peer device in this embodiment may refer to a device corresponding to a tunnel detection initiator, and the peer device may be a gateway device, such as a router and a firewall. The terminal device in this embodiment may also be a gateway device, such as a router, a firewall, and the like, and the terminal device may include: a build process belonging to the control plane, a kernel and a forward process belonging to the data plane. Step S201 to step S203 may be implemented in a data plane of the terminal device in this embodiment, and may specifically be implemented by a forwarding process. After receiving the message sent by the peer device through the tunnel, the forwarding process analyzes the message to obtain a tunnel detection message carrying a detection flag, and executes step S202.
Alternatively, step S201 may include steps S2011 to S2013, where:
step S2011, analyzing a message sent by the opposite terminal equipment through the tunnel to obtain an analysis message;
step S2012, detecting whether the analysis message carries a detection mark;
and step S2013, when detecting that the analysis message carries the detection mark, using the analysis message as a tunnel detection message.
In this embodiment, when the dual-end device detects a tunnel, the tunnel may be in a use state, so that after a forwarding process of the terminal device receives and analyzes a message sent by the peer device to obtain an analysis message, it is not determined whether the analysis message is a tunnel detection message for performing tunnel detection, and then it is required to first detect whether the analysis message carries a detection flag, if so, the analysis message is considered to be the tunnel detection message for performing tunnel detection, and step S202 may be directly performed, and if not, the forwarding process may directly forward the analysis message.
Step S202, generating a detection response message corresponding to the tunnel detection message.
The construction process identifies the tunnel detection message through the tunnel mark for tunnel detection, so that a corresponding detection response message can be directly generated on a data layer, wherein the detection response message carries the detection mark. It should be noted that, a detection response message may be generated by using a prior art means, but the detection response message needs to carry a detection flag, and the purpose of carrying the detection flag is to enable the opposite end device to identify the message as a response result for performing tunnel detection.
For example, in connection with the above example, the probe response message may include the response of the icmp ping request, the message ID, the seq, and the probe flag.
Step S203, the detection response packet is encapsulated into the tunnel and returned to the peer device.
In this embodiment, the configuration process returns the detection response message to the peer device through the same tunnel, so that the peer device determines that the tunnel is in a connected state after receiving the detection response message within a predetermined timeout period, and determines the tunnel quality according to the detection response message received each time.
It should be noted that, for the two tunnel detection methods provided by the foregoing embodiment, the following service scenarios may also be applied, specifically: for an enterprise with higher reliability requirement, an enterprise headquarters generally has a plurality of exits, a plurality of tunnels can be established between the enterprise branches and the plurality of exits of the enterprise headquarters, and the two tunnel detection methods provided by the invention can be started on each tunnel, and when a certain tunnel is unavailable or the quality of the tunnel is seriously reduced, a routing module can be informed to guide the flow to other normal tunnels for forwarding. For example, as shown in fig. 3, there may be two tunnels between the enterprise headquarters and the enterprise branches, that is, tunnel 1 and tunnel 2, where tunnel 1 is a primary link and tunnel 2 is a standby link, when the enterprise headquarters is used as a tunnel detection initiator and the enterprise branches are used as tunnel detection responders, the enterprise headquarters may execute the tunnel detection method shown in fig. 1, and when the tunnel detection packet successfully reaches the enterprise branches, the enterprise branches may execute the tunnel detection method shown in fig. 2, thereby implementing detection of tunnels.
In order to describe the two tunnel detection methods provided by the present invention in detail, this embodiment further provides a schematic diagram of a forwarding flow of a tunnel detection packet in a dual-end device, see fig. 4. Fig. 4 is described in detail by taking IPSec tunnel and icmp ping request as an example in this embodiment, specifically, an IKED is an IPSec negotiation process in a control plane, the IKED can play a role in constructing a process, a kernel is a linux kernel, and a Data-plane is a forwarding process in a Data plane, and the whole forwarding flow is as follows:
1. a tunnel detection initiator (referred to as the initiator in fig. 4 for short) constructs a tunnel detection message in the ike, for example, an icmp ping request is used to construct a detection request message, a message ID and a seq are allocated to the icmp ping request, a detection flag and information such as a tunnel flag associated with the current tunnel detection message are set in the tunnel detection message, and the information is sent out through a socket port;
2. the tunnel detection message is sent to a Data-plane of a Data layer of a tunnel detection initiator through a kernel, the Data-plane identifies the Data-plane as a message for process tunnel detection through a detection mark set in the tunnel detection message, and the tunnel detection message is packaged into a corresponding tunnel according to the tunnel mark carried in the tunnel detection message and is forwarded to a tunnel detection responder;
3. a Data-plane in a Data plane of a tunnel detection responder (referred to as the responder in fig. 4 for short) receives a message in a tunnel, decapsulates the tunnel to obtain an original tunnel detection message, identifies the original tunnel detection message as a message for tunnel detection according to a set detection flag, directly generates a detection response message (such as response of an icmp ping request) in the Data plane, and encapsulates the detection response message into a corresponding tunnel through an ESP/AH to return to a tunnel detection initiator;
4. the data layer of the tunnel detection initiator receives the detection response message encapsulated in the tunnel, the detection response message is sent to the local kernel after being decapsulated, then the IKED can read the detection response message from the socket port, and whether the detection response message is matched or not is checked by comparing the message ID and seq of the icmp ping request and the IP address.
For each detection, if the tunnel detection initiator receives the detection response message within the overtime, the detection is considered to be successful, namely the tunnel is in a connected state, and the tunnel quality is recorded; otherwise, the detection is considered to be failed, namely the tunnel is in a disconnected state. If the continuous failure exceeds a certain number of times, the tunnel link failure is considered to be unavailable, at this time, the operation of tunnel switching can be triggered, meanwhile, the quality data of the tunnel can be periodically counted and updated in the IKED, and the tunnel can be selected according to the quality of the tunnel.
The embodiment of the present invention further provides a terminal device, which corresponds to the tunnel detection method provided in the above embodiment, and corresponding technical features and technical effects are not detailed in this embodiment, and reference may be made to the above embodiment for relevant points. In particular, fig. 5 schematically shows a block diagram of a first terminal device according to an embodiment of the invention. As shown in fig. 5, the first terminal device 500 may include a first generating module 501, a first determining module 502, a sending module 503, and a second determining module 504, wherein:
a first generating module 501, configured to generate a tunnel detection message, where the tunnel detection message carries a detection flag and a tunnel flag, and the detection flag represents the tunnel detection message and is used for performing tunnel detection;
a first determining module 502, configured to determine a tunnel corresponding to the tunnel flag;
a sending module 503, configured to encapsulate the tunnel detection packet into a tunnel and send the tunnel detection packet to an opposite-end device;
a second determining module 504, configured to determine a detection result for the tunnel according to a response condition of the peer device.
Optionally, the first determining module is further configured to: detecting whether the tunnel detection message carries a detection mark or not; when detecting that the tunnel detection message carries the detection mark, identifying the tunnel detection message as a message for tunnel detection; and identifying the tunnel mark carried by the tunnel detection message, and determining the tunnel corresponding to the tunnel mark.
Optionally, the second determining module is further configured to: judging whether a detection response message returned by the opposite terminal equipment is received within a preset overtime time; when the detection response message is not received within the preset overtime, determining that the tunnel is in a disconnected state; and when the detection response message is received within the preset overtime time, determining that the tunnel is in a connected state.
Optionally, the tunnel detection method may further include: after the tunnel is determined to be in a connected state, determining the packet loss number of single detection, the time delay of the single detection and/or the hop count of the single detection; and counting the packet loss rate of the tunnel, the average time delay of the tunnel, the jitter of the tunnel and/or the average hop count of the tunnel in a preset period.
The embodiment of the present invention further provides another terminal device, which corresponds to the another tunnel detection method provided in the foregoing embodiment, and corresponding technical features and technical effects are not described in detail in this embodiment, and reference may be made to the foregoing embodiment for relevant points. In particular, fig. 6 schematically shows a block diagram of a second terminal device according to an embodiment of the present invention. As shown in fig. 6, the second terminal device 600 may include a parsing module 601, a second generating module 602, and a returning module 603, where:
the analysis module 601 is configured to analyze a message sent by an opposite-end device through a tunnel to obtain a tunnel detection message, where the tunnel detection message is sent after being encapsulated into the tunnel by the opposite-end device, the tunnel detection message carries a detection flag and a tunnel flag, the detection flag represents the tunnel detection message and is used for performing tunnel detection, and the tunnel corresponds to the tunnel flag;
a second generating module 602, configured to generate a detection response message corresponding to the tunnel detection message;
a returning module 603, configured to encapsulate the detection response message into a tunnel and return the detection response message to the peer device.
Optionally, the parsing module is further configured to: analyzing the message sent by the opposite terminal equipment through the tunnel to obtain an analyzed message; detecting whether the analysis message carries a detection mark or not; and when detecting that the analysis message carries the detection mark, taking the analysis message as a tunnel detection message.
The embodiment of the present invention further provides a tunnel detection system, which corresponds to the two tunnel detection methods provided in the above embodiments, and corresponding technical features and technical effects are not described in detail in this embodiment, and reference may be made to the above embodiments for relevant points. In particular, fig. 7 schematically shows a block diagram of a tunnel detection system according to an embodiment of the invention. As shown in fig. 7, the tunnel probing system 700 may include a first terminal device 701 and a second terminal device 702, wherein:
the first terminal device 701 is configured to: generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents the tunnel detection message and is used for performing tunnel detection, determining a tunnel corresponding to the tunnel mark, packaging the tunnel detection message into the tunnel and sending the tunnel detection message to second terminal equipment, and determining a detection result of the tunnel according to the response condition of the second terminal equipment;
the second terminal device 702 is configured to: analyzing a message sent by the first terminal device through the tunnel to obtain a tunnel detection message, generating a detection response message corresponding to the tunnel detection message, packaging the detection response message into the tunnel, and returning the detection response message to the first terminal device.
Optionally, when determining the tunnel corresponding to the tunnel flag, the first terminal device is further configured to: detecting whether the tunnel detection message carries a detection mark or not; when detecting that the tunnel detection message carries the detection mark, identifying the tunnel detection message as a message for tunnel detection; and identifying the tunnel mark carried by the tunnel detection message, and determining the tunnel corresponding to the tunnel mark.
Optionally, when determining the detection result of the tunnel according to the response condition of the second terminal device, the first terminal device is further configured to: judging whether a detection response message returned by the opposite terminal equipment is received within a preset overtime time; when the detection response message is not received within the preset overtime, determining that the tunnel is in a disconnected state; and when the detection response message is received within the preset overtime time, determining that the tunnel is in a connected state.
Optionally, the first terminal device is further configured to: after the tunnel is determined to be in a connected state, determining the packet loss number of single detection, the time delay of the single detection and/or the hop count of the single detection; and counting the packet loss rate of the tunnel, the average time delay of the tunnel, the jitter of the tunnel and/or the average hop count of the tunnel in a preset period.
Optionally, when the second terminal device parses the message sent by the first terminal device through the tunnel to obtain the tunnel detection message, the second terminal device is further configured to: analyzing a message sent by the first terminal equipment through the tunnel to obtain an analyzed message; detecting whether the analysis message carries a detection mark or not; and when detecting that the analysis message carries the detection mark, taking the analysis message as a tunnel detection message.
Fig. 8 schematically shows a block diagram of a computer device adapted to implement the tunnel probing method according to an embodiment of the present invention. In this embodiment, the computer device 800 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server, or a rack server (including an independent server or a server cluster composed of a plurality of servers), and the like that execute programs. As shown in fig. 8, the computer device 800 of the present embodiment includes at least but is not limited to: a memory 801, a processor 802, a network interface 803, which may be communicatively coupled to each other via a system bus. It is noted that FIG. 8 only illustrates the computer device 800 having components 801 and 803, but it is to be understood that not all illustrated components need be implemented and that more or fewer components can alternatively be implemented.
In this embodiment, the memory 803 includes at least one type of computer-readable storage medium, which includes flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the storage 801 may be an internal storage unit of the computer device 800, such as a hard disk or a memory of the computer device 800. In other embodiments, the memory 801 may also be an external storage device of the computer device 800, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. provided on the computer device 800. Of course, the memory 801 may also include both internal and external memory units to the computer device 800. In this embodiment, the memory 801 is generally used for storing an operating system and various application software installed in the computer apparatus 800, such as program codes of the tunnel detection method. In addition, the memory 801 can also be used to temporarily store various types of data that have been output or are to be output.
Processor 802 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 802 generally operates to control the overall operation of the computer device 800. Such as program code for executing tunnel probing methods for data interaction or communication related control and processing with computer device 800.
In this embodiment, the tunnel detection method stored in the memory 801 may be further divided into one or more program modules and executed by one or more processors (in this embodiment, the processor 802) to complete the present invention.
The network interface 803 may include a wireless network interface or a wired network interface, and the network interface 803 is typically used to establish communications links between the computer device 800 and other computer devices. For example, the network interface 803 is used to connect the computer apparatus 800 with an external terminal via a network, establish a data transmission channel and a communication link between the computer apparatus 800 and the external terminal, and the like. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a Global System of Mobile communication (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth (Bluetooth), or Wi-Fi.
The present embodiment also provides a computer-readable storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., on which a computer program is stored, which implements a tunnel detection method when executed by a processor.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (11)

1. A tunnel detection method, comprising:
generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, and the detection mark represents the tunnel detection message and is used for tunnel detection;
determining a tunnel corresponding to the tunnel mark;
encapsulating the tunnel detection message into the tunnel and sending the tunnel detection message to opposite-end equipment;
and determining a detection result of the tunnel according to the response condition of the opposite terminal equipment.
2. The method of claim 1, wherein determining the tunnel corresponding to the tunnel flag comprises:
detecting whether the tunnel detection message carries the detection mark or not;
when detecting that the tunnel detection message carries the detection mark, identifying the tunnel detection message as a message for tunnel detection;
and identifying the tunnel mark carried by the tunnel detection message, and determining the tunnel corresponding to the tunnel mark.
3. The method according to claim 1, wherein determining the probing result for the tunnel according to the response condition of the peer device comprises:
judging whether a detection response message returned by the opposite terminal equipment is received within a preset overtime time;
when the detection response message is not received within the preset overtime, determining that the tunnel is in a disconnected state;
and when the detection response message is received within the preset overtime, determining that the tunnel is in a connected state.
4. The method of claim 3, further comprising:
after the tunnel is determined to be in the communication state, determining the packet loss number of single detection, the time delay of single detection and/or the hop count of single detection;
and counting the packet loss rate of the tunnel, the average time delay of the tunnel, the jitter of the tunnel and/or the average hop count of the tunnel in a preset period.
5. A tunnel detection method, comprising:
analyzing a message sent by an opposite terminal device through a tunnel to obtain a tunnel detection message, wherein the tunnel detection message is packaged into the tunnel and then sent by the opposite terminal device, the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents the tunnel detection message and is used for tunnel detection, and the tunnel corresponds to the tunnel mark;
generating a detection response message corresponding to the tunnel detection message;
and packaging the detection response message into the tunnel and returning the detection response message to the opposite terminal equipment.
6. The method of claim 5, wherein analyzing the packet sent by the peer device through the tunnel to obtain a tunnel detection packet includes:
analyzing the message sent by the opposite terminal equipment through the tunnel to obtain an analyzed message;
detecting whether the analysis message carries the detection mark;
and when detecting that the analysis message carries the detection mark, taking the analysis message as the tunnel detection message.
7. A terminal device, comprising:
the device comprises a first generation module, a second generation module and a third generation module, wherein the first generation module is used for generating a tunnel detection message, the tunnel detection message carries a detection mark and a tunnel mark, and the detection mark represents the tunnel detection message and is used for performing tunnel detection;
a first determining module, configured to determine a tunnel corresponding to the tunnel flag;
a sending module, configured to encapsulate the tunnel detection packet into the tunnel and send the tunnel detection packet to an opposite-end device;
and a second determining module, configured to determine a detection result for the tunnel according to a response condition of the peer device.
8. A terminal device, comprising:
the system comprises an analysis module, a tunnel detection module and a sending module, wherein the analysis module is used for analyzing a message sent by an opposite terminal device through a tunnel to obtain a tunnel detection message, the opposite terminal device encapsulates the tunnel detection message into the tunnel and then sends the tunnel detection message, the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents the tunnel detection message and is used for tunnel detection, and the tunnel corresponds to the tunnel mark;
a second generating module, configured to generate a detection response packet corresponding to the tunnel detection packet;
and the return module is used for packaging the detection response message into the tunnel and returning the detection response message to the first terminal equipment.
9. A tunnel detection system, comprising a first terminal device and a second terminal device, wherein:
the first terminal device is configured to: generating a tunnel detection message, wherein the tunnel detection message carries a detection mark and a tunnel mark, the detection mark represents that the tunnel detection message is used for tunnel detection, determining a tunnel corresponding to the tunnel mark, packaging the tunnel detection message into the tunnel and sending the tunnel detection message to a second terminal device, and determining a detection result of the tunnel according to a response condition of the second terminal device;
the second terminal device is configured to: analyzing the message sent by the first terminal device through the tunnel to obtain the tunnel detection message, generating a detection response message corresponding to the tunnel detection message, packaging the detection response message into the tunnel, and returning the detection response message to the first terminal device.
10. A computer device, the computer device comprising: memory, processor and computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 4 or the method of any of claims 5 to 6 when executing the computer program.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method of any one of claims 1 to 4 or the method of any one of claims 5 to 6.
CN201910625860.7A 2019-07-11 2019-07-11 Tunnel detection method, terminal device, system, computer device and storage medium Active CN112217685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910625860.7A CN112217685B (en) 2019-07-11 2019-07-11 Tunnel detection method, terminal device, system, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910625860.7A CN112217685B (en) 2019-07-11 2019-07-11 Tunnel detection method, terminal device, system, computer device and storage medium

Publications (2)

Publication Number Publication Date
CN112217685A true CN112217685A (en) 2021-01-12
CN112217685B CN112217685B (en) 2022-03-25

Family

ID=74048139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910625860.7A Active CN112217685B (en) 2019-07-11 2019-07-11 Tunnel detection method, terminal device, system, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN112217685B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113225252A (en) * 2021-07-09 2021-08-06 腾讯科技(深圳)有限公司 Establishment method, processing method and related equipment for Bidirectional Forwarding Detection (BFD) session
CN113691418A (en) * 2021-08-23 2021-11-23 北京天融信网络安全技术有限公司 Tunnel detection method and device, storage medium and electronic equipment
CN113726593A (en) * 2021-07-31 2021-11-30 新华三信息安全技术有限公司 Tunnel fault detection method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132406A (en) * 2007-09-25 2008-02-27 杭州华三通信技术有限公司 Safe multiple tunnel method using internet protocol and three-layer equipment thereof
US20110161653A1 (en) * 2009-12-24 2011-06-30 Keohane Susann M Logical Partition Media Access Control Impostor Detector
CN102594646A (en) * 2011-12-31 2012-07-18 成都市华为赛门铁克科技有限公司 Switching method, switching device and transmission system of Internet protocol security tunnels
CN103716196A (en) * 2012-09-28 2014-04-09 杭州华三通信技术有限公司 Network device and detection method
CN106487802A (en) * 2016-11-07 2017-03-08 杭州迪普科技股份有限公司 The method for detecting abnormal of the IPSec SA based on DPD agreement and device
CN109831328A (en) * 2019-01-30 2019-05-31 杭州迪普科技股份有限公司 Switching method, device, the electronic equipment of intelligent route selection

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132406A (en) * 2007-09-25 2008-02-27 杭州华三通信技术有限公司 Safe multiple tunnel method using internet protocol and three-layer equipment thereof
US20110161653A1 (en) * 2009-12-24 2011-06-30 Keohane Susann M Logical Partition Media Access Control Impostor Detector
CN102594646A (en) * 2011-12-31 2012-07-18 成都市华为赛门铁克科技有限公司 Switching method, switching device and transmission system of Internet protocol security tunnels
CN103716196A (en) * 2012-09-28 2014-04-09 杭州华三通信技术有限公司 Network device and detection method
CN106487802A (en) * 2016-11-07 2017-03-08 杭州迪普科技股份有限公司 The method for detecting abnormal of the IPSec SA based on DPD agreement and device
CN109831328A (en) * 2019-01-30 2019-05-31 杭州迪普科技股份有限公司 Switching method, device, the electronic equipment of intelligent route selection

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113225252A (en) * 2021-07-09 2021-08-06 腾讯科技(深圳)有限公司 Establishment method, processing method and related equipment for Bidirectional Forwarding Detection (BFD) session
CN113726593A (en) * 2021-07-31 2021-11-30 新华三信息安全技术有限公司 Tunnel fault detection method and device, electronic equipment and storage medium
CN113691418A (en) * 2021-08-23 2021-11-23 北京天融信网络安全技术有限公司 Tunnel detection method and device, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN112217685B (en) 2022-03-25

Similar Documents

Publication Publication Date Title
CN111886833B (en) Method for redirecting control channel messages and device for implementing the method
CN112217685B (en) Tunnel detection method, terminal device, system, computer device and storage medium
CN110601902B (en) Interactive data processing method and device based on block chain network
US11509517B2 (en) Service OAM virtualization
CN107046495B (en) Method, device and system for constructing virtual private network
WO2017054576A1 (en) Unicast tunnel building method, apparatus and system
US20150381563A1 (en) Relay system for transmitting ip address of client to server and method therefor
US20160285820A1 (en) Method for processing address resolution protocol message, switch, and controller
CN107104929B (en) Method, device and system for defending network attack
WO2016150205A1 (en) Method, device and system for processing vxlan message
US11831763B2 (en) Methods, systems, and computer readable media for utilizing predetermined encryption keys in a test simulation environment
US11902047B2 (en) Virtual intranet acceleration method and system, configuration method, storage medium, and computer apparatus
CN106464596A (en) Openflow communication method, system, controller, and service gateway
CN105515816B (en) Processing method and device for detecting hierarchical information
CN110247926B (en) Interaction method and system
CN109743758B (en) Multi-link communication method, communication device and communication system
CN111064668B (en) Method and device for generating routing table entry and related equipment
CN108064441B (en) Method and system for accelerating network transmission optimization
CN111641545B (en) Tunnel detection method and device, equipment and storage medium
CN110784375B (en) Network data monitoring method and device, electronic equipment and storage medium
CN110166518B (en) Session information transmission method, device, storage medium and electronic device
CN102611631A (en) Method, device and system for protecting protocol under pseudo-wire scene
CN116781574A (en) In-band network telemetry method, in-band network telemetry device, in-band network telemetry equipment and storage medium
CN112910774B (en) Communication method, system and network forwarding equipment
WO2015176450A1 (en) Service delivery method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee after: Qianxin Technology Group Co.,Ltd.

Patentee after: Qianxin Wangshen information technology (Beijing) Co., Ltd

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Patentee before: Qianxin Technology Group Co.,Ltd.

Patentee before: Wangshen information technology (Beijing) Co., Ltd